Date
Victim
Summary
Threat Actor
Business Impact
Source Link
March 03, 2025
Rubrik
Rubrik rotates authentication keys after log server breach
Unknown
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys as its security team discovered anomalous activity on a server that contained log files.
Source: Bleeping Computer
March 03, 2025
Stock Broker Angel One
Indian Stock Broker Angel One Discloses Data Breach
Unknown
Indian stock brokerage firm Angel One disclosed a data breach impacting client information stored in its Amazon Web Services (AWS) account. Following the data breach announcement, Angel One’s shares dropped over 11% in two days, hitting a 52-week low on March 3.
Source: Security Week
March 06, 2025
Carruth Compliance Consulting
Thousands of public school workers impacted by cyber attack on retirement plan administrator
Skira Ransomware
A December 2024 cyber attack on a prominent administrator for retirement plans has exposed the information of thousands of public school teachers and employees across the U.S. Dozens of public schools across the country reported data breaches to regulators in Maine, Massachusetts, Vermont and several other states, warning that sensitive data was stolen through Carruth Compliance Consulting – a company that provides third-party administrative services to public school districts and non-profit organisations for their 403(b) and 457(b) retirement savings plans. A new cybercriminal operation named Skira Team took credit for the attack, claiming to have stolen data from 36 public schools.
Source: The Record Media
March 06, 2025
NTT Communications Corporation
Data breach at Japanese telecom giant NTT hits 18,000 companies
Unknown
Japanese telecommunication services provider NTT Communications Corporation (NTT) has warned almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. NTT said hackers breached its ‘Order Information Distribution System,’ which held details on 17,891 corporate customers (companies), but no data on personal customers (consumers).
Source: Bleeping Computer
March 10, 2025
PowerSchool
PowerSchool previously hacked in August, months before data breach
Unknown
PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September as the breach impacted 6,505 school districts in the US, Canada, and other countries, with 62,488,628 students and 9,506,624 teachers having their data stolen.
Source: Bleeping Computer
March 17, 2025
Western Alliance Bank
Western Alliance Bank says nearly 22,000 impacted by file transfer software breach
Clop Ransomware
Phoenix-based Western Alliance Bank said the information of more than 20,000 people was stolen through a vulnerability in a popular file sharing tool last year. The bank confirmed that it was affected by a vulnerability in a “third-party vendor’s secure file try Western Alliance and numerous other organisations.” The information stolen includes names, Social Security numbers and in some cases, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers and passports.
Source: The Record Media
March 18, 2025
GitHub Action
GitHub Action hack likely led to another in cascading supply chain attack
Unknown
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets.
Source: Bleeping Computer
March 18, 2025
Dogequest
Dogequest Website exposes Tesla owners’ sensitive information
Unknown
A website called “Dogequest” allegedly published the personal information of Tesla owners across the U.S. in an apparent attempt to shame and intimidate them, amid tech billionaire Elon Musk’s growing interference in government. “Encouraging destruction of Teslas throughout the country is extreme domestic terrorism!!” Musk posted on X.
March 19, 2025
Pennsylvania State Education Association
Half a million people impacted by Pennsylvania State Education Association data breach
Rhysida Ransomware
More than 500,000 people were impacted by a cyber attack on the Pennsylvania State Education Association (PSEA) that took place in July 2024. The organisation published breach notices in several states and on its website, warning its current and former members as well as their dependants that hackers broke into their systems last year and stole state IDs, Social Security numbers, financial account numbers, payment card information, passport numbers, taxpayer IDs, health insurance information and medical data.
Source: The Record Media
March 19, 2025
Ascom, Jira
HellCat hackers go on a worldwide Jira hacking spree
HellCat Ransomware
Swiss global solutions provider Ascom has confirmed a cyber attack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials as the company announced that hackers breached its technical ticketing system and is currently investigating the incident. The HellCat hacking group claimed the attack and said that they stole about 44GB of data that may impact all of the company’s divisions.
Source: Bleeping Computer
March 19, 2025
Sperm donation giant California Cryobank
Sperm donation giant California Cryobank warns of a data breach
Unknown
US sperm donor giant California Cryobank is warning customers it suffered an April 2024 data breach that exposed customers’ personal information. An almost a year-long investigation has determined that the attack exposed varying personal data for customers, including names, bank accounts and routing numbers, Social Security numbers, driver’s license numbers, payment card numbers, and/or health insurance information.
Source: Bleeping Computer
March 20, 2025
China’s Baidu
China’s Baidu denies data breach after executive’s daughter leaks personal info
Human Error
Chinese search giant Baidu denied allegations it had suffered an internal data breach after a top executive’s teenage daughter posted personal details of other internet users online, sparking a controversy. Baidu said all employees and executives at all levels were prohibited from accessing user data and the information posted by the teenager originated from illegally obtained “doxing databases” on foreign platforms, which aggregate stolen private data.
Source: Reuters
March 21, 2025
Coinbase
Coinbase was primary target of recent GitHub Actions breaches
Unknown
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories as the threat actors modified the action to dump CI/CD secrets and authentication tokens into GitHub Actions logs.
Source: Bleeping Computer
March 21 and 26, 2025
Oracle
Oracle denies breach after hacker claims theft of 6 million data records, but customers confirm it
Rose87168, a BreachForums account name
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, it has been confirmed with multiple companies that associated data samples shared by the threat actor are valid.
Source: Bleeping Computer
March 26, 2025
StreamElements
StreamElements discloses third-party data breach after hacker leaks data
“Victim”, a BreachForum name
Cloud-based streaming company StreamElements confirmed it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. A BreachForum hacker claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025 as the threat actor shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.
Source: Bleeping Computer
March 26, 2025
Numotion
U.S. wheelchair maker Numotion says data breach impacted half a million customers
Black Basta group
Tennessee-based healthcare mobility services provider Numotion recently suffered a serious data security incident that compromised the sensitive personal information of nearly half a million individuals.
Source: Teiss UK
March 26, 2025
NYU
Hacker defaces NYU website, exposing admissions data on 1 million students
Computer Niggy Exploitation
The hacker accessed and replaced the NYU homepage with charts and links to large student datasets categorizing standardized testing scores based on race. The threat actor also claimed personal information identifying students was redacted but linked to four different datasets that included personal information on NYU applicants, their citizenship status and more.
Source: The Record Media
March 26, 2025
Lafayette Federal Credit Union
Over 75,000 people impacted in Lafayette Federal Credit Union data breach
Unknown
Maryland-based Lafayette Federal Credit Union said the data security incident it suffered last year compromised the sensitive personal information of more than 75,000 individuals.
Source: Teiss UK
